Feds Charge Alleged ‘TLO’ Underground Data Broker

In August we revealed the secret weapon hackers can use to dox nearly anyone in America for $15. Now, authorities have targeted at least one of the data sellers.
A mask, drugs, and ammunition.
A screenshot from a chat where so-called TLO data services are advertised. Image: 404 Media.

This article was produced in collaboration with Court Watch, an independent outlet that unearths overlooked court records.

Authorities charged a man from Baltimore on Monday with allegedly running a so-called TLO data service, a tool that makes it incredibly easy for hackers and other criminals to dox nearly anyone in America quickly and for cheap. Chouby Charleron allegedly sold the personal identifying information (PII), including Social Security numbers, of more than 5,000 victims, according to recently unsealed court records.

The news shows the continued use of TLO data services in the digital underground, a practice that I first revealed in August. The tools, which are often automated, take their name from the powerful TLOxp data service owned by credit bureau TransUnion which debt collectors, law enforcement, and other sectors are able to access. Although these services don’t always necessarily source their data from TLOxp itself, in this case Charleron’s co-conspirators allegedly used the obtained data to carry out credit card fraud. I’ve also found these services advertised to groups of violent criminals that hack, rob, and steal from one another and outside victims. Targets have included YouTubers, high profile celebrities, politicians, and seemingly ordinary people.

The news also highlights the risk posed by the proliferation of credit header data, which is personal information that people are essentially forced to provide to the credit bureaus in order to have a credit card, and which the bureaus then sell or provide to a wide range of third parties. This data has since trickled down to criminals and some of these TLO-branded services.